5 min read Future of Work

Hybrid Isn’t About Office Days. It’s About How Decisions and Controls Work.

Across the UK (and globally), more organisations are recalibrating hybrid working and raising minimum in-office expectations after several years of flexibility. In UK financial services, for example, several large firms have publicly tightened attendance baselines—often moving from two to three in-office days for many roles. Industry research points to a broader pattern: over time, more employers are increasing on-site requirements.

Given that shift, it’s no surprise regulators are also revisiting their own models. The latest example is the FCA, which is tightening its hybrid policy from September 2026. The UK regulator expects 50% office attendance for most staff and 60% for executive committee members and directors.

In most organisations, “return to office” is framed as a culture issue: productivity, collaboration, retention, fairness. Those things matter. But for regulated firms in particular, there is a more operationally critical lens.

Hybrid working is not primarily a workplace policy. It is an operating model choice.

And operating model choices determine whether an organisation can execute reliably: how decisions are made, how controls are applied, and how knowledge moves across the system, especially under pressure.

The Hidden Failure Mode: “Control Drift” in Hybrid Organisations

Many governance and control frameworks were built for a world where:

  • Oversight happened formally and informally through physical proximity
  • Escalation was frictionless (“walk over, show the issue, get it resolved”)
  • Decision-making was visible through shared routines and meetings
  • New joiners learned by shadowing real work, not just reading process guides

Hybrid working quietly removes these “unwritten stabilisers.” If the operating model doesn’t adapt, organisations tend to experience control drift: not obvious non-compliance, but a gradual decline in the quality of challenge, evidence, and hand-offs.

The symptoms are familiar:

  • More meetings, fewer real decisions
  • Approvals that become rubber stamps because context is missing
  • Controls that exist on paper but are executed inconsistently
  • Knowledge trapped in individuals and chat threads

So the practical question isn’t “where should people sit?” It is:

How do we design governance, decision cadence, and controls so the organisation stays reliable in a hybrid reality?

Risk and Control Execution: The “Four Eyes” Problem in a Hybrid World

Most firms rely on “four eyes” controls—peer review, supervisory checks, second-line challenge, sign-off gates. In hybrid models, these controls don’t usually fail because people stop caring. They fail because context is harder to share and evidence is harder to reconstruct.

Common hybrid-era control weaknesses include:

  • Asynchronous review: reviewers see artefacts without the surrounding context
  • Fragmented evidence trails: approvals spread across email, Teams, tickets, and documents
  • Diluted challenge: less real-time debate, more “approve so we can keep moving”
  • Shadow decisions: key risk calls made in side channels, leaving a thin formal record

How can Business Architecture help: treat controls as part of workflow design, not an add-on. Be explicit about:

  • Where in the end-to-end service the control happens (not just which team “owns” it)
  • What evidence must be captured at that point (and where it lives)
  • What needs synchronous challenge versus what can be asynchronous
  • What counts as an exception and how exceptions are escalated and recorded
A simple test: could you reconstruct the rationale for a key approval six months later without relying on who remembers the conversation? If not, the control is vulnerable in a hybrid environment.

Decision Cadence: Governance Fails When Decision Cycles Are Fuzzy

The biggest execution killer in hybrid organisations isn’t a lack of meetings. It’s a lack of decision rhythm.

Hybrid working often leads to patterns like:

  • Decisions being “pre-cooked” in small groups before the formal forum meets
  • Governance becoming status updates, not decision engines
  • Sign-offs depending on physical presence (“we’ll decide when we’re all in”)
  • Blurred accountability: who decides vs who advises vs who is just informed

How can Business Architecture help: treat governance as a designed capability, not a calendar. This means:

  • Defining the decision types that really matter (e.g., risk acceptance, design exceptions, funding priorities, supplier changes, resilience investments)
  • Assigning decision rights explicitly (beyond a RACI): who can say yes/no, who can block, who can accept residual risk
  • Setting decision SLAs—how quickly decisions must be made to protect delivery and manage risk
  • Standardising the minimum artefacts needed for a decision (e.g., a one-page decision record, evidence summary, options and trade-offs)

In hybrid models, good governance is less about “more forums” and more about shorter, clearer decision pathways with evidence designed in from the start.

Knowledge management and operational handoffs: hybrid turns tacit knowledge into unmanaged risk

Operational failures rarely come from a lack of documentation. They come from poorly managed, or a lack of transfer—transfer of context, judgement, and “how things really work.”

Hybrid working reduces the informal mechanisms that historically enabled this:

  • shadowing and apprenticeship
  • overhearing problem-solving
  • debriefing after incidents or difficult cases
  • informal cross-team alignment during hand-offs

As a result, knowledge becomes scattered across individuals and conversations, creating fragility—especially during incidents, peak demand, or staff turnover.

How can Business Architecture help: make knowledge and hand-offs explicit where it matters most:

  • Identify critical handoff points in priority services (incidents, change, onboarding, claims/complaints, supplier management).
  • Define a minimum viable handover standard (what must be passed on, in what format, and where recorded).
  • Create role-based playbooks for activities where judgement and escalation are essential.
  • Ensure critical services have clear accountable owners—so knowledge has a “home.”

This is not a separate KM programme. It is operational risk management in a hybrid world.

A Practical “Monday Morning” Checklist

To turn this into action, start with five questions:

  1. Controls: Which controls require real contextual challenge (not just evidence checks)? How is that challenge built into hybrid workflows?
  2. Evidence: Can you reconstruct key decisions and approvals later from one place, or is the audit trail fragmented?
  3. Decision cadence: Which decisions are repeatedly delayed or “pre-decided”? What decision rights and SLAs would fix this?
  4. Hand-offs: Where do incidents, changes, and customer cases fail at team boundaries? What is the minimum viable handover standard?
  5. Service ownership: Do your most critical services have accountable owners who span business, technology, and key suppliers?

So, what's a solution for this?

The FCA’s move is part of a wider shift: more organisations are increasing in-office expectations. The main lesson for regulated firms is not about choosing a number of days. It is about execution reliability.

Stop treating hybrid as an HR arrangement. Start treating it as operating model design.

Some organisations often cited for making flexible work operate at scale didn’t get there through policy statements. They built repeatable work systems that reduce reliance on physical proximity:

  • Atlassian positions “Team Anywhere” as a distributed way of working, with a Team Anywhere Lab —a group of behavioural scientists designing and testing distributed work practices.
  • Dropbox created “Virtual First,” moving to “async by default” and defining Core Collaboration Hours so collaboration is predictable.
  • GitLab institutionalised “handbook-first” practices—documenting changes in the handbook and linking communications back to it—so traceability doesn’t depend on who was in the room.

What leaders should copy (evidence-based):

  • Make distributed work a designed capability, not a side effect: Atlassian’s Team Anywhere Lab treats distributed work as something to research and continuously improve.
  • Set a clear default mode of working: Dropbox frames Virtual First as the primary day-to-day experience, reducing ambiguity about how work gets done.
  • Use “async by default” norms to cut meeting dependency: Dropbox explicitly links this shift to its operating practices.
  • Define coordination windows so collaboration stays predictable: Core Collaboration Hours balance deep work with collaboration.
  • Use “handbook-first” to strengthen decision and control traceability: GitLab’s approach—documenting changes and linking communications back to the handbook—provides a practical pattern for auditability and governance.

The point is not to copy tech culture. It’s to copy the operating model mechanics: decision rights, evidence trails, control points, and handovers—designed so resilience and accountability don’t degrade when teams are dispersed.

The real question is not “how many days in the office?”

It is: have we redesigned governance, decision cadence, and control execution so they work in a hybrid reality—repeatably, audibly, and at scale?

And finally, came across this cartoon on the subject and just could not resist sharing:

Share

Deepak Mohan